Manufacturers and governments envision wireless communication between vehicles and road side infrastructure within the next decade. This communication will enable a range of safety, convenience, and business applications.

Unfortunately malicious or selfish individuals could abuse these systems. Our projects investigate how vehicular ad hoc networks (VANETs) face different security challenges than prior ad hoc networks and present novel solutions to a number of those challenges.

Challenges in Securing Vehicular Networks

While resembling traditional sensor and ad hoc networks in some respects, vehicular networks pose a number of unique challenges. For example, the information conveyed over a vehicular network may affect life-or-death decisions, making fail-safe security a necessity. However, providing strong security in vehicular networks raises important privacy concerns that must also be considered. To address these challenges, we propose a set of security primitives that can be used as the building blocks of secure applications. The deployment of vehicular networks is rapidly approaching, and their success and safety will depend on viable security solutions accept- able to consumers, manufacturers and governments.

Flooding-Resilient Broadcast Authentication for VANETs

Digital signatures are one of the fundamental security primitives in VANETs because they provide authenticity and non-repudiation in broadcast communication. However, the current broadcast authentication standard in VANETs is vulnerable to signature flooding: excessive signature verification requests that exhaust the computational resources of victims. In this paper, we propose two efficient broadcast authentication schemes, FastAuth and SelAuth, as two countermeasures to signature flooding. FastAuth secures periodic single-hop beacon messages. By exploiting the sender’s ability to predict its own future beacons, FastAuth enables 50 times faster verification than previous mechanisms using ECDSA. SelAuth secures multi-hop applications in which a bogus signature may spread out quickly and impact a significant number of vehicles. SelAuth provides fast isolation of malicious senders, even under a dynamic topology, while consuming only 15%–30% of the computational resources compared to other schemes.

Efficient and Secure Threshold-based Event Validation for VANETs

Determining whether the number of vehicles reporting an event is above a threshold is an important mechanism for VANETs, because many applications rely on a threshold number of notifications to reach agreement among vehicles, to determine the validity of an event, or to prevent the abuse of emergency alarms. We present the first e!cient and secure threshold-based event validation protocol for VANETs. Quite counter-intuitively, we found that the z-smallest approach o"ers the best tradeo" between security and e!- ciency since other approaches perform better for probabilistic counting. Analysis and simulation shows that our protocol provides > 99% accuracy despite the presence of attackers, collection and distribution of alerts in less than 1 second, and negligible impact on network performance.

VANET Alert Endorsement Using Multi-Source Filters

We propose a security model for Vehicular Ad-hoc Networks (VANETs) to distinguish spurious messages from legitimate messages. In this paper, we explore the information available in a VANET environment to enable vehicles to filter out malicious messages which are transmitted by a minority of misbehaving vehicles. More specifically, we introduce a message filtering model that leverages multiple complementary sources of information to construct a multi-source detection model such that drivers are only alerted after some fraction of sources agree. Our filtering model is based on two main components: a threshold curve and a Certainty of Event (CoE) curve. A threshold curve implies the importance of an event to a driver according to the relative position, and a CoE curve represents the confidence level of the received messages. An alert is triggered when the event certainty surpasses a threshold. We analyze our model and provide some initial simulation results to demonstrate the benefits.

Privacy Preserving VANET Key Management

Vehicular Ad Hoc Networks (VANETs) require a mechanism to help authenticate messages, identify valid vehicles, and remove malevolent vehicles. A Public Key Infrastructure (PKI) can provide this functionality using certificates and fixed public keys. However, fixed keys allow an eavesdropper to associate a key with a vehicle and a location, violating drivers' privacy. In this work we propose a VANET key management scheme based on Temporary Anonymous Certified Keys (TACKs). Our scheme efficiently prevents eavesdroppers from linking a vehicle's different keys and provides timely revocation of misbehaving participants while maintaining the same or less overhead for vehicle-to-vehicle communication as the current IEEE 1609.2 standard for VANET security.

DoS Resilient VANET Authentication

The authentication of VANET messages continues to be an important research challenge. Although much research has been conducted in the area of message authentication in wireless networks, VANETs pose unique challenges, such as real-time constraints, processing limitations, memory constraints, requirements for interoperability with existing standards, extensibility and flexibility for future requirements, etc. No currently proposed technique addresses all of these requirements. After analyzing the requirements for viable VANET authentication, we propose a modified version of TESLA, TESLA++, which provides the same computationally efficient broadcast authentication as TESLA with reduced memory requirements. To address the range of needs within VANETs we propose a new hybrid authentication mechanism, VANET Authentication using Signatures and TESLA++ (VAST), that combines the advantages of ECDSA signatures and TESLA++. ECDSA signatures provide fast authentication and non-repudiation, but are computationally expensive. TESLA++ prevents memory and computation-based Denial of Service attacks.

Authentication of Location Claims in VANETs

In VANET safety applications, the physical location of a sender is at least as important as the cryptographic identity of a sender. Based on this observation, VANET safety applications require two new security properties: Convoy Member Authentication (CMA) and Vehicle Sequence Authentication (VSA). These security properties verify if a sender is driving with and is in front of a receiver, respectively. We propose protocols that provide CMA and VSA. We analyze and evaluate our protocols and conclude that they can detect a range of attacks and represent an important step towards enhancing VANET security.

Contact Us